[Intrusions] 8.1M hits in minutes w/ this traffic ...
Chris Norton
kicktd_list at hotmail.com
Mon Oct 11 15:18:12 GMT 2004
That last packet there is a connection to an IRC server.
as seen from this example below from my local test server:
:irc.localtesting.com 001 Heretic :Welcome to the ROXnet IRC Network
Heretic!Heretic at 127.0.0.1
:irc.localtesting.com 002 Heretic :Your host is irc.localtesting.com,
running version Unreal3.2.1b
:irc.localtesting.com 003 Heretic :This server was created Fri Sep 10
22:51:40 2004
This could very well be a case of a infected computer trying
to connect to the IRC host and channel. Intresting tho that it
would spit out 8M packets unless it was on the channel and
the "owner" issued a DDoS command which is very possible.
--
Chris Norton
UAT Student Software Engineering Network Defense
More information about the Intrusions
mailing list